/**
*    This file is part of Basic Service.
*
*    Basic Service is free software: you can redistribute it and/or modify
*    it under the terms of the GNU General Public License as published by
*    the Free Software Foundation, either version 3 of the License, or
*    (at your option) any later version.
*
*    Basic Service is distributed in the hope that it will be useful,
*    but WITHOUT ANY WARRANTY; without even the implied warranty of
*    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*    GNU General Public License for more details.
*
*    You should have received a copy of the GNU General Public License
*    along with Basic Service (See GPL.txt).  If not, see <http://www.gnu.org/licenses/>.
*    
* 	If needed the author is Amir Zucker and can be reached at amirzucker1@gmail.com or amirzucker.wordpress.com
*/
package com.basicservice.dto.validators;

import org.owasp.appsensor.errors.AppSensorException;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.basicservice.service.SecurityService;

public class SanitizedString extends SafeString {
	private static final Logger LOG = LoggerFactory.getLogger(SafeString.class);

	protected Constants constants;
	
	protected SecurityService securityService;

	public SanitizedString(Constants constants) {
		this.constants = constants;
	}

	public void setSecurityService(SecurityService securityService) {
		this.securityService = securityService;
	}
	
	/**
	 * @throws Exception 
	 */
	@Override
	public void doActualValidation() throws Exception {
		LOG.debug("doActualValidation: validating [" + value + "] using:" + constants.CODE + " with length: " + constants.LENGTH);
		try {
			this.value = securityService.getValidInput(constants.CODE, value,
					constants.CODE, constants.LENGTH, false);
		}  catch (ValidationException e) {
			LOG.debug("ValidateValue: got exception for value " + value + ": " , e);
			// any exception while validating should nullify the value since we 
			// can't use it non-validated
			value = null;
			throw new AppSensorException(constants.ERROR_CODE_VALIDATION_ERROR,
					constants.validationErrorMessage,
					constants.validationErrorLogEntry);
		} catch (IntrusionException e) {
			// any exception while validating should nullify the value since we 
			// can't use it non-validated
			LOG.debug("ValidateValue: got exception for value " + value + ": " , e);
			value = null;
			throw new AppSensorException(constants.ERROR_CODE_INTRUSION_ERROR,
					constants.intrusionErrorMessage,
					constants.intrusionErrorLogEntry);
		} catch (Exception e) {
			// any exception while validating should nullify the value since we 
			// can't use it non-validated
			LOG.debug("ValidateValue: got exception for value " + value + ": " , e);
			value = null;
			throw e;
		}
	}

	protected static class Constants {
		public String CODE;
		public int LENGTH;
		public String ERROR_CODE_VALIDATION_ERROR;
		public String validationErrorMessage;
		public String validationErrorLogEntry;
		public String ERROR_CODE_INTRUSION_ERROR;
		public String intrusionErrorMessage;
		public String intrusionErrorLogEntry;

		/**
		 * @param CODE
		 * @param LENGTH
		 * @param validationErrorMessage
		 * @param validationErrorLogEntry
		 * @param intrusionErrorMessage
		 * @param intrusionErrorLogEntry
		 */
		public Constants(String CODE, int LENGTH,
				String ERROR_CODE_VALIDATION_ERROR,
				String validationErrorMessage, String validationErrorLogEntry,
				String ERROR_CODE_INTRUSION_ERROR,
				String intrusionErrorMessage, String intrusionErrorLogEntry) {
			this.CODE = CODE;
			this.LENGTH = LENGTH;
			this.ERROR_CODE_VALIDATION_ERROR = ERROR_CODE_VALIDATION_ERROR;
			this.validationErrorMessage = validationErrorMessage;
			this.validationErrorLogEntry = validationErrorLogEntry;
			this.ERROR_CODE_INTRUSION_ERROR = ERROR_CODE_INTRUSION_ERROR;
			this.intrusionErrorMessage = intrusionErrorMessage;
			this.intrusionErrorLogEntry = intrusionErrorLogEntry;
		}
		
		public final static Constants EmailValidatedStringConstants = 
				new Constants(
						"Email",100,
						"VE2", "Invalid Email", "Validation failed on Email",
						"IE2", "Invalid Email", "Possible intrusion detected while parsing Email");
		
		public final static Constants UUIDValidatedStringConstants = 
				new Constants(
						"UUID",36,
						"VE1", "Invalid UUID", "Validation failed on UUID",
						"IE1", "Invalid UUID", "Possible intrusion detected while parsing UUID");
		public final static Constants PasswordValidatedStringConstants = 
				new Constants(
						"Password",20,
						"VE3", "Invalid Password", "Validation failed on Password",
						"IE3", "Invalid Password", "Possible intrusion detected while parsing Password");
	}
}
